Just an FYI for those bankers that are regulated by OCC:The OCC is soliciting comments concerning information collection on ''Bank Secrecy Act/Money Laundering Risk Assessment'' (Money Laundering Risk (MLR) System). The OCC estimates an annual burden of 8,802 hours and estimates 1,467 responses annually. The OCC issued a 60-day Federal Register notice on November 3, 2009 (74 FR 56922) but no comments were received. Comments must be submitted by February 18, 2010.Federal Register Notice

I plan on writing a comment letter...I find the MLR data collection a burden and it does not help me at all!

I find that some of the data is useful as it helps us gather the data for our annual Risk Assessment. We use the same date range. Now granted I do have some issues with how collect the data and how they want items rounded up, but I think it has value.

Not that I would not mind it going away, but I may still use the form to help guide me in the data collection and gets the wheels turning.

I agree with Damon. This data is the basis for my annual risk assessment. Since we have been doing this for several years now, my departments know to gather the data during the year if necessary. My wire department is fantastic about collecting information on the foreign wires.

_________________________
"Life begins at the end of your comfort zone."

The rounding is crazy, but the data is useful as it makes banks count how many of certain types of customers and dollars of transactions they have, which certainly is useful for the risk assessment. Because of this form, OCC banks can answer these questions in audits better than other banks who may not have taken this step on their own, despite the need for the information.

And yes, I did have to complete the form myself when I was still working as a banker rather than a consultant.

Ken_Pegasus10K Club
Registered: 08/30/01
Posts: 18441
Loc: Another trip around the sun

The OCC got the authority to impose the MLR on its supervised institutions without going through the normal bureaucratic channels by saying it was an "emergency." I never really understood how it was an emergency for one of the five regulatory agencies, when none of the other agencies moved even an inch in the same direction. My opinion is that the OCC thought the other agencies would follow their lead when they saw how "wonderful" this thing was. Obviously, none of the other agencies have had the same vision.

Some of the information could be helpful, but certainly not all of it is and the equation should be value vs. time spent. Moreover, since it is compiled on a fiscal rather than a calendar year basis in order to fit into the OCC's bureaucratic agenda, it is both more difficult to compile and of less utility. Bankers have gotten used to it and don't bristle over it anymore, but more and more all the time they say there is no evidence whatsoever that their on site examiners have even looked at it before they arrive.

Jenny is trying to do her peers a favor by drawing their attention to this notice.

Either way, tell them what you think! (Proponents should keep in mind that even if this was not required, they could still compile the portion of the information they actually use based on a calendar vs. a fiscal year. Also, please understand that the government never ends its own burdensome requirements without prompting.)

I recall (I think!) that the OCC had implemented the MLR form just before the inter-agency guidelines were published. It seemed at the time that they were unwilling to let go of their own process. (I believe they did that once on fair lending as well.)

I don't disagree that the MLR is far from ideal and banks should certainly take advantage of this opportunity to comment on the form's structure and usefulness. I have seen the "rounding" overstate risk by a large margin.

My comment is simply that it is useful for those banks who otherwise have not gotten a handle on just what is in the bank's portfolio. I continue to be surprised to see weak BSA programs and banks that do not understand the risks they have undertaken. It is unfortunate that regulators let this slide, perhaps while a bank is small, then one day a new (to the bank) examiner shows up and slams the bank on what was found to be acceptable previously. Some examiners do a good job of cautioning banks as they grow, advising them on how to prepare for the next level when the bank is not aware itself, others do not.

I think of it like raising children. You shouldn't let everything slide and then one day out of the blue they are grounded for the same things they have been doing all along.

I have been compiling MLR data for the last 3 years, as the BSA Officer. The internal risk assessment that I perform is different in many ways and I find it more beneficial than the OCC format. As Ken stated there has not been any evidence that I am aware of that the examiners have even taken a look at the data that we submit. They have never asked any questions about it. They seem more concerned with my own internal risk assessment then the one they have us do.

I flat out find the whole process a burden. While I do understand how it could benefit some, it is just a thorn in my side here. The rounding and averaging is silly. And, they aren't even really clear on where some products/services should be reported. For example, we offer re-loadable travel cards. I asked our contact if they should be reported in #1 under the "Issuance of Traveler's Checks, Official Bank Check & Money Orders" or if they should be reported under #16 "Stored Value Cards- Reloadable". They told me it should be reported under #1. It makes absolutely no sense why I would report a re-loadable card under #1 at all. In addition, I asked if under #16 we were truly supposed to report the outstanding balances on stored value cards or just the value that was issued (on the non-reloadable gift cards) because I don't have access to what is "outstanding" they are through a third party. OCC's response was that technically they want the outstanding balance but if that is not available then the amount they purchased would suffice. Two completely different animals!

I could go on and on with other issues I have with the whole process. Its just a complete waste of time in my opinion. I'd much rather spend more time on other issues then compiling a bunch of useless data that they just kick back to me in an excel spreadsheet that they never ask about and I never really look at.

I do think that at the very least we should make a comment (and I will). It looks like the last time this went out for comment no one responded at all. I just hope I am not the only one that feels this way....

We're a state bank and the FRB is perfectly happy with our own risk assessment. I hope it stays that way. The last thing we need is the FRB designing a system for us. You national bank AML officers have my sympathy.

_________________________I make it a point never to argue with people for whose opinion I have no respect. - Edward Gibbon

I know the OCC uses the data... Our BSA examiner even called one time when he noticed changes in figures on a couple of key (in his opinion) categories of questions and data from one year to the next.

We had a change in methodology and had more clean data that caused the change as we continuously update and enhance our program. So the examiner understood and did not pursue it much farther than a phone call, but it appears some examiners may place a higher emphasis on these then others.

I know the OCC uses the data... Our BSA examiner even called one time when he noticed changes in figures on a couple of key (in his opinion) categories of questions and data from one year to the next.

We had a change in methodology and had more clean data that caused the change as we continuously update and enhance our program. So the examiner understood and did not pursue it much farther than a phone call, but it appears some examiners may place a higher emphasis on these then others.

Just my .02

It is all entered in some giant OCC database in the sky. I know other banks who have had inquiries on changes.

I know of a small national bank that was sure it did not have any Special Use/Concentration Accounts until the OCC told them those accounts included INTERNAL SUSPENSE ACCOUNTS and BRANCH CLEARING ACCOUNTS.

Whaaa....??? What, in G-d's good name, use is that? If there's a fraud problem involving a suspense account, isn't that what a good old fashioned branch audit uncovers?

_________________________
CRCM,CAMSRegulations are a poor substitute for ethics. Just sayin'

I know of a small national bank that was sure it did not have any Special Use/Concentration Accounts until the OCC told them those accounts included INTERNAL SUSPENSE ACCOUNTS and BRANCH CLEARING ACCOUNTS.

Whaaa....??? What, in G-d's good name, use is that? If there's a fraud problem involving a suspense account, isn't that what a good old fashioned branch audit uncovers?

That is how several money laundering cases in the 90s were conducted, bank staff putting funds into a bank clearing account with the funds extracted in bank in another country.

I also saw a bank allow employees to place cash directly into the wire clearing account and wire funds internationally. Not a good practice at all.

All I do in an audit is make sure that BSA realizes what these are and that these accounts are covered in audits. Sometimes I get blank stares, from BSA and from Audit.

I saw the request for comments and I will be commenting. This is a time consuming process that is redundant with our present risk assessment process. Average 6 hours per bank - oh contrare! While most of it mirrors products and services that we address in our full RA, the 9/30 date results in a manual pull of information that could be completed through annual reporting. The more manual, the more errors; therefore, we indicate many estimates. Our in-house RA addresses appropriate controls and mitigating steps and determines residual risk. The MLR does not. Would the OCC not criticize if we did not do an in-house RA? Why not use it? Off my soap box. I encourage all to write a comment letter.

I saw the request for comments and I will be commenting. This is a time consuming process that is redundant with our present risk assessment process. Average 6 hours per bank - oh contrare! While most of it mirrors products and services that we address in our full RA, the 9/30 date results in a manual pull of information that could be completed through annual reporting. The more manual, the more errors; therefore, we indicate many estimates. Our in-house RA addresses appropriate controls and mitigating steps and determines residual risk. The MLR does not. Would the OCC not criticize if we did not do an in-house RA? Why not use it? Off my soap box. I encourage all to write a comment letter.

EXACTLY my points! We also report a lot of estimates, rather than verified data.

FWIW, I did contact ABA. They have a meeting scheduled with OCC to discuss the MLR process. They originally commented on the initial roll-out of the MLR and were not in favor of it, especially since the other agencies didn't jump on board. You can find the letter on the ABA website if you are a member bank.

Just an update... we have examiners on site right now, and they are using the MLR to guide some of their testing. They asked for a copy of the most recently submitted MLR (February 5th 2009 was the deadline) and they have had it in their hands when they have been asking about particular products, services and customers.

It could just be some of us that they rely on this so heavily for (we have very diverse offerings for example) but I do know it gets looked at and used... frequently in our case. I have definitive proof.